Development of a method for assessing the security of cyber-physical systems based on the Lotka–Volterra model

DOI:

https://doi.org/10.15587/1729-4061.2021.241638

Keywords:

critical infrastructure, security system, threat classifier, Lotka–Volterra model, simulation method, security level

Abstract

The paper presents the results of developing a method for assessing the security of cyber-physical systems based on the Lotka–Volterra model. The following security models of cyber-physical systems are proposed: “predator–prey” taking into account the computing capabilities and focus of targeted cyberattacks, “predator–prey” taking into account the possible competition of attackers in relation to the “prey”, “predator–prey” taking into account the relationships between “prey species” and “predator species”, “predator–prey” taking into account the relationship between “prey species” and “predator species”. Based on the proposed approach, the Lotka–Volterra model coefficients α=0.39, β=0.32, γ=0.29, φ=0.27 were obtained. They take into account the synergy and hybridity of modern threats and the funding for forming and improving the protection system, and they also allow the financial and computing capabilities of the attacker to be determined from the identified threats.

The proposed method for assessing the security of cyber-physical systems is based on the developed threat classifier. It allows the current security level to be assessed and provides recommendations on allocating limited protection resources based on an expert assessment of known threats. This approach allows offline dynamic simulation, which makes it possible to determine attackers' capabilities in a timely manner and to form preventive protection measures based on threat analysis. In the simulation, actual bases for assessing real threats and incidents in cyber-physical systems can be used, which allows an expert assessment of their impact on both individual security services and security components (cyber security, information security and security of information).

The presented simulation results do not contradict the graphical results of the classical Lotka–Volterra model, which indicates the adequacy of the proposed approach for assessing the security of cyber-physical systems.

Author Biographies

Serhii Yevseiev, Simon Kuznets Kharkiv National University of Economics

Doctor of Technical Sciences, Professor

Department of Cyber Security and Information Technology

Serhii Pohasii, Simon Kuznets Kharkiv National University of Economics

PhD, Associate Professor

Department of Cyber Security and Information Technology

Stanislav Milevskyi, Simon Kuznets Kharkiv National University of Economics

PhD, Associate Professor

Department of Cyber Security and Information Technology

Oleksandr Milov, Simon Kuznets Kharkiv National University of Economics

Doctor of Technical Sciences, Professor

Department of Cyber Security and Information Technology

Yevgen Melenti, Yaroslav Mudryi National Law University

PhD

Special Department No. 2 «Tactical-Special Training, Marksmanship Training and Special Physical Training»

Juridical Personnel Training Institute for the Security Service of Ukraine

Ivan Grod, Ternopil Ivan Puluj National Technical University

Doctor of Physical and Mathematical Sciences, Associate Professor

Department of Cybersecurity

Denis Berestov, Taras Shevchenko National University of Kyiv

PhD

Department of Program Systems and Technology

Ruslan Fedorenko, Taras Shevchenko National University of Kyiv

PhD

Department of Program Systems and Technology

Oleg Kurchenko, Taras Shevchenko National University of Kyiv

PhD, Associate Professor, Senior Researcher

Department of Program Systems and Technology

Published

2021-10-31

How to Cite

Yevseiev, S., Pohasii, S., Milevskyi, S., Milov, O., Melenti, Y., Grod, I., Berestov, D., Fedorenko, R., & Kurchenko, O. (2021). Development of a method for assessing the security of cyber-physical systems based on the Lotka–Volterra model. Eastern-European Journal of Enterprise Technologies, 5(9 (113)), 30–47. https://doi.org/10.15587/1729-4061.2021.241638

Section

Information and controlling system